Special Events

So there I was, grabbing a bit of lunch, doing my daily catch up on the forums here at The Ethical Hacker Network (EH-Net), and Don, our Editor-in-Chief, posted the hacking challenge, RUaNinja? “Sweet!” I thought, “I’m always up for these skills tests, so let’s see what Don has for us today.” Then, as I opened the thread, I realized I was in for a treat! As a fun way to promote his Syngress book, Ninja Hacking (Co-Authored by Thomas Wilhelm), Jason Andress, author of some excellent reads and a well-known IT security aficionado, had put together a masterpiece of a challenge tasking the readers to dig deep in their toolboxes, reach outside the box, and get into the mindset of a seasoned strategist.

Much like ninjutsu, the challenge involved stealth, concealment, decryption, and even a little extra something… a keen sense of awareness both of your surroundings as well as those things lying right under your nose. So without further ado, here’s the story of my struggles, and ultimately my successes, with the RUaNinja? Challenge. Note: The events below were not all completed in one day. I bow to Jason for giving me a workout.

In the video of this EH-Net exclusive webinar, HD Moore gives a technical sneak peek of the next version of Metasploit Pro before it is available for download. The webinar includes a live demo of a Metasploit Pro pre-release version. This webinar will focus on new penetration testing features in the new version, including improvements of existing features and completely new functionality. The webinar will focus on the commercial edition Metasploit Pro, Rapid7’s flagship product for penetration testing and vulnerability verification, but also include information on improvements in the free, open source Metasploit Framework.

HD Moore is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code.

Armitage is a front-end for Metasploit that allows team collaboration and exposes the advanced features of the framework. Raphael Mudge, Armitage Creator, has made a six-part training series on Armitage and Metasploit for the ethicalhacker.net community. These demonstration-heavy lectures introduce the penetration testing process and walk you through each step. You’ll learn how to break into hosts, carry out post-exploitation activities, develop more access from your initial foothold, and you’ll do this in a team environment.

These lectures were initially created for the Austin, TX ISSA and OWASP half-day Metasploit training event in June. Elated after several tex-mex meals, Raphael recorded these lectures for us. If you’re new to penetration testing and want to understand Metasploit and Armitage, these lectures are for you. Also, be sure to read Hacking Linux with Armitage from February 2011. Enjoy the training!

In this EH-Net exclusive webinar, HD Moore gives a technical sneak peek of the next version of Metasploit Pro before it is available for download. The webinar includes a live demo of a Metasploit Pro pre-release version. This webinar will focus on new penetration testing features in the new version, including improvements of existing features and completely new functionality. The webinar will focus on the commercial edition Metasploit Pro, Rapid7’s flagship product for penetration testing and vulnerability verification, but also include information on improvements in the free, open source Metasploit Framework.

HD Moore is Chief Security Officer at Rapid7 and Chief Architect of Metasploit, the leading open-source penetration testing platform. HD founded the Metasploit Project in the summer of 2003 with the goal of becoming a public resource for exploit code research and development. Prior to joining Rapid7 and continuing his work on the Metasploit Framework, HD was the Director of Security Research at BreakingPoint Systems, where he focused on the content and security testing features of the BreakingPoint product line. Prior to BreakingPoint, HD spent seven years providing vulnerability assessments, leading penetration tests, and developing exploit code.

Date: Thursday, July 28, 2011
Time: 2:00 PM – 3:00 PM EDT

Even if you can’t join us live, please register anyway to get details on the video!

The entire hour and a half video of the webcast
and complete slide deck are now available.

On March 22 last month, EH-Net presented a webcast with James “egyp7″ Lee who took the participants on a technical deep-dive through the new features of the free and open source Metasploit Framework version 3.6, focusing on techniques valuable to professional penetration testers in red teams and consulting firms. This included post exploitation modules (a more powerful replacement for Meterpreter scripts) and using platform-agnostic payloads for increased pwnage. Before the lengthy Q&A, he also covered some of the feature highlights in the commercial editions, Metasploit Pro and Metasploit Express. Webcast participants and now viewers of this video should be familiar with the concepts of Metasploit and penetration testing.

James “egyp7″ Lee has been contributing to the open source Metasploit Framework as a core developer and project manager since April 2008. Before joining Rapid7 to work on Metasploit in a full-time position, he discovered numerous vulnerabilities in SCADA and Industrial Control Systems at Idaho National Laboratory. James has presented at DEF CON, Black Hat USA, Black Hat DC, SANS Process Control & SCADA Security Summit, and other events.

James "egyp7" Lee takes participants in a technical deep-dive through the new features of the free and open source Metasploit Framework version 3.6, focusing on techniques valuable to professional penetration testers in red teams and consulting firms. This will include post exploitation modules (a more powerful replacement for Meterpreter scripts) and using platform-agnostic payloads for increased pwnage. Before the Q&A, he will also cover some of the feature highlights in the commercial Metasploit editions Metasploit Pro and Metasploit Express. Webinar participants should be familiar with the concepts of Metasploit and penetration testing.

James "egyp7" Lee has been contributing to the open source Metasploit Framework as a core developer and project manager since April 2008. Before joining Rapid7 to work on Metasploit in a full-time position, he discovered numerous vulnerabilities in SCADA and Industrial Control Systems at Idaho National Laboratory. James has presented at DEF CON, Black Hat USA, Black Hat DC, SANS Process Control & SCADA Security Summit, and other events.

Date: Tuesday, March 22, 2011
Time: 11:00 AM – 12:30 PM CDT

Even if you can’t join us for the live event, please register for future details on how to get the video!

In Part I, Modern Social Engineering – A Vital Component of Pen Testing, Chris Nickerson & Mike Murray adeptly covered the generalities of Social Engineering, and how it is a repeatable process perfect for inclusion in penetration testing. So let’s go a little deeper into crafting these attacks. What are some of the tricks of the verbal trade that make people far more likely to fall prey to those phishing attacks or that fraudulent web site? What tools can I use to test and eventually utilize to attack… er… audit my target organization? This 1-hour webcast dives deeper into the process of Electronic SE (eSE) and offers real-world examples of combining the skills of the social engineer with the toolkit of the ethical hacker.

The entire hour and a half video of the webcast as well as the slide deck are available below.

In Part I, Modern Social Engineering – A Vital Component of Pen Testing, Chris Nickerson & Mike Murray adeptly covered the generalities of Social Engineering, and how it is a repeatable process perfect for inclusion in penetration testing. So let’s go a little deeper into crafting these attacks. What are some of the tricks of the verbal trade that make people far more likely to fall prey to those phishing attacks or that fraudulent web site? What tools can I use to test and eventually utilize to attack… er… audit my target organization? This 1-hour webcast dives deeper into the process of Electronic SE (eSE) and offers real-world examples of combining the skills of the social engineer with the toolkit of the ethical hacker.

So, please mark your calendars and join us for this continuing series on Social Engineering. You can also meet all of us and many more industry experts at ChicagoCon, the World’s Only Ethical Hacking Conference. And at only $100 for 2 days on May 8 – 9 with talks, CtF, breakout sessions, food, swag and more, it’s a steal!

Join world-renowned social engineers, Chris Nickerson of TruTV’s Tiger Team and noted expert and international speaker, Mike Murray, as they prepare you for the future of pen testing. This webcast on Thursday April 30, 2009 at 12:00 Noon CDT continues your education in the world of "Modern Social Engineering."